Anti-Virus/Malware for SMB

_Simon · December 21, 2018, 8:44pm

Hey!

The subscription for our current and quite frankly not too great solution is running out and I’m looking for something better as a replacement.

We run a setup with 2 Hyper-V hosts with various Windows 2016 servers (DC, SQL, FILE etc.) and a few Ubuntu/Debian. All ~70 clients are either Windows 10 Pro or Enterprise.

I’m looking for a solution that works, works well, is easy to manage from a central location, easy to deploy and so on, and ideally it’ll work for all clients and servers. Having the few Linux boxes included isn’t a must by any means.

It’s a bit of a jungle out there so I figured I would ask you guys for a recommendation, maybe along with a few words why you went that route.

Thanks!

blackfire · December 23, 2018, 1:43pm

Really depends on your budget and target potential. This isn’t as easy as desktop as each company does different levels of protection.
Cylance
Eset
Sophos
Those are quite highly regarded in my industry of security but they are not cheap.
Steer clear of Symantec for obvious reasons
McAfee have come a long way in the last 5 years but still not something I would put in my environment.

Do you need dlp and malware behaviour analysis as well?

_Simon · January 16, 2019, 12:43pm

Thanks for the suggestions! Did some research and ended up with Sophos.

Right now we’re using TrendMicro and Sophos only cost 50% more so that seems totally worth it.

Adubs · January 16, 2019, 1:15pm

sophos is a good pick

_Simon · January 16, 2019, 2:34pm

Seems very solid indeed.

Also turns out we’re getting the first 6 months of Sophos completely free of charge as that is the remaining subscription time on our current solution. That’s around 2000$ worth of licensing to get us as a customer now rather than later, good sales strategy and a smooth and easy transition for us.

Adubs · January 16, 2019, 2:37pm

We went with cylance here but it quickly became apparent that it has a lot of problems with false positives and the interface they give you to allow said falses is slow to implement the change on the client. Needless to say sophos doesnt suffer the same for us. Havent tried much else.

_Simon · January 16, 2019, 2:57pm

Ah damn, that sounds annoying. Really shouldn’t take more than a couple of minutes for such changes to fully propagate.

Hope I don’t run into any annoying issues with Sophos - time will tell…

Adubs · January 16, 2019, 2:58pm

Once we switched machines over, I have had to do 0 administration on that front. I doubt you will too. Its pretty hands off.

Hammerhead_Corvette · January 16, 2019, 3:06pm

TrendMicro is terrible… The update process broke so much, we had to reach out to them and get a tool to force update all machines and our end users would complain that the pop-up would announce ‘Your system is unsafe contact your Administrator’ for the duration of the update process. That was hectic !

sophos is a good choice

_Simon · January 16, 2019, 3:10pm

Sounds good! Hands off is exactly what I’m looking for - deploy and forget.

_Simon · January 16, 2019, 3:18pm

Agreed! TrendMicro is absolutely terrible in every single way.

I recently took over managing IT for a SMB and using TrendMicro is just one of many choices from the past that I don’t agree with.

Hammerhead_Corvette · January 16, 2019, 3:23pm

congrats !

I will say that we had (previous employer) under 450 desktops + Laptops + Surface tablets all on TrendMicro. I am so glad those days are over. I wrote a script to help out the process but an update broke that ! Go figure

_Simon · January 16, 2019, 7:42pm

That’s exactly 4 times as many desktops/laptops as I have to deal with and certainly too much to manually run around and fix the problems. Glad to hear you no longer have to deal with that!

If I spend 10 hours less on Sophos than TrendMicro in a year the price difference have been made up just by that. Worth!